The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident. The report also found that data breaches originating from malicious digital attacks were both the most common and the most expensive type of security incident. These breaches carried a price tag of $4.45 million per incident—approximately one million dollars more than the cost of a breach caused by a system glitch or human error.

This report highlights the costs associated with network intrusions, events with which Rob Joyce, senior advisor for cybersecurity strategy to the Director of the National Security Agency (NSA), is acutely familiar. As former chief of the Office of Tailored Access Operations (TAO), Joyce worked with a team of hackers to produce foreign intelligence for a wide array of mission types. He knows firsthand why and how nation-state hackers succeed, and he knows what types of activities frustrate his team’s offensive campaigns. That is why he chose to speak at Enigma 2016 about what defenders and corporate organizations can do to defend against network intrusions.

In his presentation entitled “Disrupting Nation State Hackers,” Joyce broke down a network intrusion by nation-state attackers into six phases. He also provided tips on how defenders can prevent an attacker from moving between phases. Those stages are as follows:

1. Reconnaissance

In the first stage of an intrusion, a nation-state attacker works to understand their target. That effort begins with scanning, researching important people and email addresses associated with the target, looking up open-source information regarding the organization or government and documenting everything they find on the network. Joyce explains that while defenders might know what ...